China has decided to suspend its involvement in a cybersecurity working group with the United States after the United States accused Chinese government hackers of commercial espionage. The Chinese decision threatens to undo efforts to find common ground to tackle hacking. The United States on Monday indicted five Chinese military officials for stealing trade secrets. China’s Foreign Ministry called the U.S. move a “serious violation of the basic norms of international relations,” while China’s State Internet Information Office likened the U.S. actions to “a thief yelling ‘Catch the thief.’”

There is a debate going on inside U.S. government agencies over whether the U.S. government -- more specifically, the NSA and U.S. Cyber Command -- should stockpile Internet vulnerabilities or disclose them to the public so they can be fixed. Experts say this dilemma illustrates the difficulty of separating attack and defense in cyberspace. A software vulnerability is a programming mistake which allows an adversary access to the affected system. Hundreds of such vulnerabilities are discovered every year. When someone discovers a vulnerability, he can use it either for defense or for offense. Defense means alerting the vendor and getting it patched. Offense means using the vulnerability to attack others.

Experts say that U.S. government cybersecurity practices are hobbled by rigid human resources policies which must be changed if agencies are to recruit, train, and keep talented IT professionals more effectively. Part of the problem has been that agencies such as the DHS, the National Institute of Standards and Technology, and the U.S. Office of Personnel Management, among others, have not had a common terminology for positions or a common expectation of the skills that a given position should include. A NIST-led program by the National Initiative for Cybersecurity Education, or NICE, is beginning to merge these differences into a shared definition, the experts noted.

Warnings about the dangerous vulnerability of the U.S. electric grid and other critical infrastructure to hacking have been issued for years, but security experts worry that it may take a major destructive attack to jolt CEOs out of their complacency. Awareness of cybersecurity has markedly increased in recent years, but infrastructure consultants say the industry remains reluctant to spend the money needed to upgrade aging equipment -- especially in the absence of much pressure from the U.S. government, regulators, or shareholders.

The Edward Snowden revelations changed lives in the cyber community, from slowdowns in obtaining high-level security clearances to providing material for a "really good comedy routine." Experts at the cybersecurity forum this week were asked how Snowden altered their worlds. The creation of a mini "Snowden industry" is one of them.

The U.S. government has launched an initiative designed to protect the supply chain of both civilian and military agencies from potential cyberattacks. The effort is important in the e-commerce procurement process. The information and communications technology segment of the federal IT market potentially covered by the program involves 322 products and services with a total FY2013 value of $62.8 billion. The initiative is being managed jointly by the General Services Administration and the U.S. Department of Defense.

The Israeli military last year appointed a legal adviser for cyber warfare, whose main task is to regulate cyber warfare activities based on principles of international law. The IDF has refused to confirm whether one of this adviser’s tasks is to approve targets, as it is for most of the IDF's legal advisers in operational positions. Many of the military's field commanders have been critical of these legal advisers’ work.